Cross-platform Electron apps may be vulnerable to attack; update yours now

May 14, 2018 Matthew Hughes


Electron is a popular framework for building cross-platform desktop applications using web technologies. The tool was created by GitHub, and is the basis of several popular apps like Slack, Visual Studio Code, Discord, and the Atom text editor. And until very recently, it suffered from a vulnerability that could have allowed an adversary to execute their own arbitrary code on a victim’s computer. The vulnerability, CVE-2018-1000136, was spotted by Trustwave’s eagle-eyed security researcher, Brendan Scarvell. It affects versions of Electron below 1.7.13, 1.8.4, or 2.0.0-beta.3. Thankfully, the Electron team has issued a fix, although it’s up to individual developers to implement…

This story continues at The Next Web

Previous Article
New DNA forensics are helping police find out who definitely didn’t do it
New DNA forensics are helping police find out who definitely didn’t do it

It’s been a big month for DNA profiling. A few weeks ago, after over 30 years, the American police finally ...

Next Article
German bank replaces SWIFT with Bitcoin for international loan transfers
German bank replaces SWIFT with Bitcoin for international loan transfers

Bitbond, a German online bank, is utilizing Bitcoin to allow international transfer of loans. The service a...